CVE-2005-3047

Multiple cross-site scripting XSS vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the 1 PMFCONFversion parameter to footer.php or 2 PMFLANGmetaLanguage to header.php...

CVE-2005-3049

CVE-2005-3049 affects phpMyFAQ 1.5.1, where data files are stored under the web document root with insufficient access control and predictable filenames. This allows remote attackers to obtain sensitive information via a direct request to data/tracking[DATE]. The NVD entry assigns a base score of...

PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities

PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/14928/info PHPMyFAQ is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution

If magic quotes are off there's a SQL injection when sending a forgotten password. It's possible to overwrite the admin password and to take over the whole system. In some files in the admin section there are some cross site scripting vulnerabilities. In the public frontend it's possible to inclu...

phpMyFAQ <= 1.5.1 (User-Agent) Remote Shell Injection Exploit

No description provided by source. ?php 17.34 22/09/2005 phpmyfaqxpl.php PhpMyFaq 1.5.1 possibly prior versions shell inject by rgod site: http://rgod.altervista.org make these changes in your php.ini if you have troubles to launch this script: allowcalltimepassreference = on registerglobals = on...

phpMyFAQ <= 1.5.1 (User-Agent) Remote Shell Injection Exploit

Exploit for unknown platform in category web applications ============================================================= phpMyFAQ = 1.5.1 User-Agent Remote Shell Injection Exploit ============================================================= ?php 17.34 22/09/2005 phpmyfaqxpl.php PhpMyFaq 1.5.1...

phpMyFAQ 1.5.1 - &#039;User-Agent&#039; Remote Shell Injection

?php 17.34 22/09/2005 phpmyfaqxpl.php PhpMyFaq 1.5.1 possibly prior versions shell inject by rgod site: http://rgod.altervista.org make these changes in your php.ini if you have troubles to launch this script: allowcalltimepassreference = on registerglobals = on usage: launch this script from...

phpMyFAQ 1.5.1 - User-Agent Remote Shell Injection

phpMyFAQ 1.5.1 - User-Agent Remote Shell Injection ?php 17.34 22/09/2005 phpmyfaqxpl.php PhpMyFaq 1.5.1 possibly prior versions shell inject by rgod site: http://rgod.altervista.org make these changes in your php.ini if you have troubles to launch this script: allowcalltimepassreference = on...

PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/14928/info PHPMyFAQ is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...

PHPMyFAQ 1.5.1 - Password.php SQL Injection

PHPMyFAQ 1.5.1 - Password.php SQL Injection source: https://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could...

PHPMyFAQ 1.5.1 - &#039;Password.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could permit remote attackers to pass malicious inp...

PHPMyFAQ 1.5.1 - Logs Unauthorized Access

source: https://www.securityfocus.com/bid/14930/info PHPMyFAQ is prone to an unauthorized access vulnerability. A remote attacker can exploit this vulnerability to view the application log file. This vulnerability could lead to the disclosure of various valid usernames, which could aid in brute...

PHPMyFAQ 1.5.1 - Logs Unauthorized Access

PHPMyFAQ 1.5.1 - Logs Unauthorized Access source: https://www.securityfocus.com/bid/14930/info PHPMyFAQ is prone to an unauthorized access vulnerability. A remote attacker can exploit this vulnerability to view the application log file. This vulnerability could lead to the disclosure of various...

PHPMyFAQ 1.5.1 - Local File Inclusion

PHPMyFAQ 1.5.1 - Local File Inclusion source: https://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

[SA16441] phpMyFAQ XML-RPC Nested XML Tags PHP Code Execution

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2004-2256

Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang language variable...

CVE-2004-2257

CVE-2004-2257 affects phpMyFAQ 1.4.0, where remote attackers can access the Image Manager and upload or delete images without authorization via a direct request. The connected sources corroborate an authentication bypass exposing image management functionality, with practical impact described as ...

CVE-2004-2256

CVE-2004-2256 affects phpMyFAQ 1.4.0 alpha; a directory traversal flaw in the lang (language) parameter allows remote attackers to read arbitrary files and potentially execute local PHP files. The vulnerability arises from unsafely handling .. sequences, enabling access outside the intended direc...

CVE-2004-2255

CVE-2004-2255 affects phpMyFAQ

CVE-2004-2257

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request...